garudaplay Privacy Policy

This page describes what data we collect when you use garudaplay and how we keep that data protected. We take your privacy seriously — every piece of information you share with us is encrypted, stored securely, and used only for account management, payment processing, and regulatory compliance.

When you open an account on garudaplay, you provide personal details (email, full name, date of birth, government ID). When you deposit or withdraw, you share payment information. We use these details only to verify your identity, process your transactions, and comply with anti-fraud and anti-money-laundering regulations. We do not sell or rent your data to third parties for marketing.

This policy explains exactly what we collect, how we use it, who has access, and what rights you have. If you have any questions about how garudaplay handles your data, contact our support team.

What we collect on garudaplay

We collect three categories of data when you use garudaplay: account information, transaction information, and activity information.

Account information: When you sign up on garudaplay, we collect your email address, password (hashed for security), full legal name, date of birth, and government-issued ID (passport, national ID, or driving license). We also collect your residential address and phone number for contact purposes. This information is required for Know-Your-Customer (KYC) verification and is stored in our secure database.

Transaction information: When you deposit or withdraw via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we collect transaction timestamps, amounts, and your payment provider's reference code. We do not store full bank account numbers or card details — payment processors handle those separately using industry-standard encryption.

Activity information: We log your login times, games played, bets placed, results, and account balance changes. This data helps us detect fraud, calculate your weekly cashback and loyalty tier, and respond to disputes. We also log your IP address and browser type for security monitoring.

We do not collect sensitive data

garudaplay does not collect health data, biometric data, or racial / ethnic information. We collect government ID numbers only to verify your identity — we do not use this data for any other purpose.

How we use your data on garudaplay

We use your data for six primary purposes. First, we verify your identity and age — your ID and date of birth confirm you are of legal age and match your account name. Second, we process payments — your payment information is shared with our payment processor (encrypted) to debit deposits and credit withdrawals. Third, we calculate your rewards — your activity history determines your weekly cashback amount and loyalty tier.

Fourth, we detect fraud and prevent abuse — we monitor login patterns, transaction sizes, and betting behavior for signs of account compromise or prohibited activity. If we detect risk, we may request additional verification. Fifth, we comply with law — we retain transaction logs and account data for anti-money-laundering (AML) and counter-terrorism financing (CTF) compliance, and we may disclose data if required by court order or regulatory authority. Sixth, we provide customer support — your activity history allows our team to investigate disputes and resolve issues.

We do not use your data to build marketing profiles or target you with personalized advertising. We do not share your email address with partners without your consent.

Who has access to your garudaplay data

Your data is stored on garudaplay's servers, which may be located outside Indonesia. We use third-party cloud providers to host our database — these providers operate under strict data-protection agreements and have contractual obligations to keep your data confidential.

Within garudaplay, only our compliance, finance, and support teams have access to your account data on a need-to-know basis. Payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) receive only the information necessary to process your specific transaction — they do not store this data on garudaplay's behalf. Our fraud-detection service scans for suspicious patterns but does not store your personal details.

We do not share your data with marketing partners, data brokers, or advertisers. If we are acquired by another company or merged, we will notify you and offer the option to delete your data or have it transferred under the same privacy terms.

KYC data
Know-Your-Customer information (name, date of birth, ID number) garudaplay collects to verify account holder identity and age eligibility.
Encrypted transmission
Data sent to and from garudaplay is protected using SSL/TLS encryption — this prevents third parties from intercepting your information in transit.
Data retention
We retain account and transaction data for a minimum of 5 years to comply with regulatory requirements and respond to disputes.
Third-party processors
Companies like payment providers and cloud hosts that process data on garudaplay's behalf — they are bound by data-protection contracts.

Cookies and tracking on garudaplay

Our website uses cookies to remember your login state and session information. These are essential cookies — without them, you would need to log in on every page. We do not use tracking cookies to follow you across other websites, and we do not use advertising pixels to build behavioral profiles.

Our website also uses web analytics (server logs) to count page visits and identify errors — this helps us improve garudaplay's performance. These logs contain your IP address and browser type but do not identify you personally. You can disable cookies in your browser settings, but this may impact garudaplay's functionality.

Your rights and data deletion on garudaplay

You have the right to request a copy of all data garudaplay holds about you. You also have the right to request deletion of your data, subject to legal hold periods. If you have an active account balance, we will process a withdrawal to your payment method before deleting account records. After deletion, you will not be able to recover your account or access any history.

We retain certain data indefinitely to comply with financial and anti-fraud regulations. Transaction records are kept for a minimum of 5 years. We may also retain activity logs to defend against disputes or legal claims. Data deletion does not apply to aggregated, anonymized data used for statistical purposes — this cannot identify you.

To request data access or deletion, contact our support team with your account email and a description of your request. We will respond within 10 business days.

Our garudaplay data-protection commitment

We encrypt all financial data using industry-standard SSL/TLS protocols and AES-256 encryption for stored data. Our servers are protected by firewalls and intrusion-detection systems. We conduct regular security audits and penetration testing. Our staff undergo data-security training annually.

If we discover a data breach affecting your account, we will notify you within 24 hours and advise you to change your password. We will also report the breach to relevant regulatory authorities if required by law. We maintain cyber-liability insurance to cover potential losses from security incidents.

This privacy policy applies to all garudaplay users worldwide. It may be updated occasionally to reflect changes in our data practices or applicable law. We will notify you of material changes by email or in-app notification. If you do not agree with our privacy practices, you may request account deletion at any time.

Related documents

Legal
Terms & Conditions
Our full account and platform rules
Legal
Legal Notice
Jurisdiction and regulatory disclosure
Support
FAQ
Common questions answered